2. 09:00-10:20 Understanding Azure API Management
05 min Introduction - Say hello.
15 min Presentation - Let's talk about API-M in general but also
how it works
15 min Task 1 - Prerequisites - We use the portal and PowerShell
inside the portal.
10 min Task 2 - Provisioning (Consumption)
20 min Task 3 - API import in 3 different ways
15 min Task 4 - Products and Subscriptions
10:20-10:40 Break
10:40-12:00 Policies in Azure API Management
20 min Presentation (and pre-requisites)
20 min Mocking
10 min Manipulating the response
20 min Conditions
Agenda (160 min)
3.
4. Frictionless consumption
Self-service user onboarding
Front door
Single point of ingress
Façade
Hide backends from frontends
Move backends without impacting frontends
Re-architect backends without impact on frontends
Expose a subset of backend capabilities
Aggregate or slice backends into APIs
Modernize legacy backends
Decouple frontend developers with mocks
Route
Authenticate
Authorize
Throttle
Transform
Trace
Meter
Discover APIs
Learn how to use APIs
Try APIs without writing any code
Request and receive access to APIs
Download API specs, samples, and SDKs
Interact with the API provider
Get usage reports
21. Task 1: Setup (together)
Make sure you can open a console from within the Azure Portal. Create then a resource group where you will
deploy APIM to.
Task 2: Provision an instance of Azure API Management
Use PowerShell from the console in the Azure Portal. Provision an instance of APIM and make sure that
whatever you will provision in this workshop will be deleted later together. Choose the purchasable Stock
Keeping Unit (SKU) that bills per execution.
Task 3: Deploy 3 APIs in 3 different ways
In this task we'll deploy 3 APIs that we will need in the task that follows.
1.Deploy the famous conference API (https://conferenceapi.azurewebsites.net/?format=json ) to your APIM
instance with PowerShell and test it from your favorite browser.
2.Deploy the petstore api (https://petstore.swagger.io/v2/swagger.json ) to your APIM instance directly from
within the Azure Portal.
3.Create an own API called payments API with a basic GET endpoint directly from within in the Azure Portal.
This API won't do much since it is missing an actual implementation yet. We will fix this in a later task.
Task 4: Secure your APIs
There are two clients. One client is an iOS developer that has written an App that shows Microsoft
conferences. He needs only access to your conference API. The other client represents your own Android App
that implements a pet store. This client need access to the petstore API and the payments API. In this task you
will need to look at products.
30. Task 5: Mock the payments API
The payments API doesn't have an implementation yet. In this task we will mock its response with
policies. To make it easy to change the response text later, we define the response text as a
placeholder. We use named values for that.
Task 6: Append header to the response
Cutomers using our API Management instance will need to pay for the services they use. Once a
month, they get a report about the usage per cost center. The problem for the customers today is
that they don’t know what cost center the petstore belongs in. Let’s change that by appending a
«CostCenter»-header to the response. The value can be anything.
Task 7: Blacklist IPs
We have one blacklisted IP address that we want to prevent from using all services coming
through API Management. We will add a policy to our instance that will prevent this IP from
accessing all of our services.
42. Task 6: Configure APIM to send logs to Event Hub
We need to collect logs to event hub for further processing, therefore we need to do the following:
1. Create EventHub namespace with EventHub called apimlogs
2. Add new APIM EventHub logger and use EventHub created at #1
3. Configure that all inbound calls for all APIS send the following data to EventHub:
timestamp (in UtcNow format), request id and operation name
Task 7: Configure APIM to send logs to Application Insight
To simplify debugging we can send APIM logs to Aplication Insight. Let’s create new Application
Insight instance and configure APIM that all APIs logs request data to Application Insight.
Editor's Notes
So what are the benefits of deploying API Management in front of your services. This comes down to the essence of API Management.
APIM creates a façade in front of your service clusters
APIM serves as a front door and a single point of ingress to your backend services. It is a reverse proxy that routes incoming requests to your backend services. You can handle all of our cross-cutting concerns in API management. Since all traffic goes through APIM, Azure also collects telemetry, so you can trace requests and meter the usage.
APIM also provides kind of self-service, so we can easily onboard developers that want to use our APIs.
We think APIM to be a very powerful and flexible tool with lots of great features.
The most important job of APIM in Vipps is for composing APIs across services running in AKS, serverless or elsewhere.
Another use is coarse grained access control. There is no need to allow traffic further into our systems if it can be stopped at the edge, but applications are ultimately responsible for their own access control.
We also use it for rate limiting, helping protect the rest of our infrastructure and increasing overall reliability.
AzureRm
AzureRm
Swagger https://petstore.swagger.io/Portal / Management portalSKUVersioningGroups
Named Values
VSCode extension
#tmp-apim-ws-2
Where do I find some policy tutorials?
What is the common way of debugging a policy?
How does VS Code support policies?
Where is the policy documentation?